• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字

h3xstream/burp-retire-js: Burp/ZAP/Maven extension that integrate Retire.js repo ...

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

h3xstream/burp-retire-js

开源软件地址(OpenSource Url):

https://github.com/h3xstream/burp-retire-js

开源编程语言(OpenSource Language):

JavaScript 96.7%

开源软件介绍(OpenSource Introduction):

Retire.js (Burp plugin) Build Status

Burp / ZAP extension that integrate Retire.js repository to find vulnerable JavaScript libraries. It passively look at JavaScript files loaded and identify those vulnerable based on various signature types (URL, filename, file content or specific hash).

License

This software is release under Apache 2.0.

Downloads

Last updated : December 10th, 2019

Burp Suite plugin : Download (also available on the BApp Store)

ZAP plugin : Download

Burp plugin

Retire.js Burp plugin

Retire.js Burp plugin

ZAP plugin

Retire.js ZAP plugin

Maven plugin Maven Central

Run the Maven plugin with the goal scan:

$ cd myproject
$ mvn com.h3xstream.retirejs:retirejs-maven-plugin:scan
   [...]
[INFO] --- retirejs-maven-plugin:1.0.0-SNAPSHOT:scan (default-cli) @ myproject ---
[WARNING] jquery.js contains a vulnerable JavaScript library.
[INFO] Path: C:\Code\myproject\src\main\webapp\js\jquery.js
[INFO] jquery version 1.8.1 is vulnerable.
[INFO] + http://bugs.jquery.com/ticket/11290
[INFO] + http://research.insecurelabs.org/jquery/test/
   [...]

The additional parameter -DretireJsBreakOnFailure can be use to break the build when at least one vulnerability is found.

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.450 s
[INFO] Finished at: 2015-02-19T13:37:00-05:00
[INFO] Final Memory: 11M/245M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.h3xstream.retirejs:retirejs-maven-plugin:1.0.0:scan (default-cli) on project
my-web-app: 6 known vulnerabilities were identified in the JavaScript librairies. -> [Help 1]
[ERROR]

Run the Maven plugin as part of your build

Use the following configuration to run the Maven plugin as part of your build. Only one <repoUrl> may be specified at a time. To scan / iterate earlier in your build cycle, you can bind the plugin to the validate phase.

  <plugin>    
    <groupId>com.h3xstream.retirejs</groupId>
    <artifactId>retirejs-maven-plugin</artifactId>
    <version>3.0.1</version>
    <configuration>
      <repoUrl>https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json</repoUrl>
      <!--<repoUrl>https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json</repoUrl>-->
    </configuration>
    <executions>
      <execution>
        <id>scanProjectJavascript</id>
        <goals>
          <goal>scan</goal>
        </goals>
        <phase>install</phase>
      </execution>
    </executions>
  </plugin>

鲜花
握手
雷人
路过
鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
More+
上一篇:
BlackDuckCoPilot/example-maven-travis: Example project for setting up CoPilot wi ...发布时间:2022-08-17
下一篇:
jolira/onejar-maven-plugin: Maven-central compatible version of http://code.goog ...发布时间:2022-08-17
热门推荐
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap